----- Original Message ----- From: "Sanford Whiteman" <[EMAIL PROTECTED]> To: "Jerry Murdock" <[EMAIL PROTECTED]> Sent: Monday, March 25, 2002 1:28 PM Subject: Re[4]: [IMail Forum] Attn: Declude Confirm users who have upgraded to IMail 7.06HF1
> And you wouldn't need to breach the mail server interactively--you'd > just need to have hacked an Admin username and be on any machine > behind the firewall. > If the mail server is that accessible to any machine behind the firewall, then that in itself is a problem. But at that level of compromise there are untold things they could do that would be easy, silent, and probably less noticeable than passing infected messages. This would just add one more, relatively minor possible attack to an infinitely long list. The only safe thing to do at that point is wipe the drive and start over. > On my dedicated boxes and those with CF, nothing appears to have gone > awry (I've had 8.3 turned off for years), but people should give a > second look. > I've seen a couple of odd-ball problems. My take is if it's not a VERY temp file intensive task, leave 8.3 on. > I was thinking that exact thing, which is why I offered up the > possibility that SMTP32 might have reason to parse the 16-character > filename at some point in the future. This would, of course, break the > entire system, since F-Prot can't rebuild the LFN when it's done. > Not really an issue. F-Prot never touches the LFN that imail sees. Imail is never aware of the filenames Declude passes to the command line scanner, and the scanner is never aware of the queue filename. Imail passes the queue file to Declude, Declude does it's stuff then either passes the clean queue file on to SMTP32, or quarantines the queue file and sends it's notices. The only issue is that Declude currently unpacks attachments into a temp directory named "\whatever\path\queuefilename.vir" When Declude passes the now longer directory name to the scanner, the DOS scanner(s?) can't deal with it. Declude could decide to roll it's own 8.3 compliant temp directory names, and imail wouldn't care. F-prot never touches the queue file, and the queue filename is never changed (outside of the standard imail locking mechanisms which are handled by Declude). For this to cause problems, ipswitch will have to FUNDAMENTALLY change the only published hook into the SMTP processing stream. Declude would not be the only thing they would break. Jerry Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
